Behavioural gaps in cybersecurity leave organizations exposed

The global surge in cyberattacks has turned organizational cybersecurity behaviour into a critical area of research. A new bibliometric analysis explores how academic and industry-driven studies are converging to better understand the human dimension of digital security.

The study, “A Bibliometric Analysis of Cybersecurity Behaviour in Organization,” published in SAGE Open, examines 1,569 research publications indexed in the Scopus database from 2012 to 2022. It provides a detailed map of the field, uncovering patterns in publication growth, geographical contributions, key themes, and collaboration networks that are shaping the way organizations approach cybersecurity risk and resilience.

Rising global focus on human-centric cybersecurity

The analysis shows that organizational cybersecurity behaviour has transitioned from a niche research topic to a dominant area of academic inquiry. Publications addressing the human element in cybersecurity have grown steadily, jumping from just 11 in 2012 to nearly 500 in 2022. This growth reflects a heightened awareness across industries that human behaviour accounts for the vast majority of successful cyber breaches and that technology alone is insufficient to mitigate evolving threats.

The United States leads the global landscape with 536 publications and over 4,800 citations, driven by significant investments in cybersecurity research, robust collaboration between industry and academia, and the development of policy frameworks that integrate human factors into digital security strategies. China and the United Kingdom follow closely, with strong contributions from India, Australia, Canada, Italy, Spain, and Saudi Arabia. This geographical distribution signals a shift toward a more globalized research environment, where emerging economies are increasingly contributing to high-impact studies.

The dominance of conference proceedings as the primary publication channel indicates a field that values rapid dissemination of findings and collaboration between researchers and practitioners. Peer-reviewed journal articles and book series also play a significant role, but the preference for conference platforms reflects the urgency of sharing insights in a rapidly evolving digital environment.

Key Themes and Collaboration Patterns Driving the Field

The study’s keyword mapping and co-authorship analysis reveal the central themes guiding current research. The majority of publications fall within computer science and engineering, but there is a growing intersection with social sciences, psychology, and decision sciences, underscoring the multidisciplinary nature of cybersecurity behaviour.

Six main clusters dominate the research landscape:

• Human factors and risky behaviours, with a focus on how employees’ actions contribute to vulnerabilities.
• Cyber-attack detection and security incidents, including strategies for identifying and mitigating threats.
• AI-driven approaches, such as machine learning and deep learning, to predict and manage security risks.
• Cyber-physical systems and smart infrastructure, which explore how human behaviour interacts with increasingly complex technological ecosystems.
• Policy and organizational frameworks aimed at building resilient security cultures.
• Behavioural analytics, highlighting how data can be used to predict insider threats and design effective training programs.

Collaboration is another defining characteristic of the field. The analysis found that most papers are co-authored, with an average of nearly four authors per publication, reflecting a strong network of partnerships between universities, corporations, and policy institutions. Influential figures such as Coventry L. and Rege A. stand out for their contributions to human-centred cybersecurity research, while high citation counts for scholars like Anwar M. and Li L. point to their impact on shaping the field’s trajectory.

This collaborative environment not only accelerates innovation but also helps translate academic insights into actionable strategies for organizations, bridging the gap between theory and practice.

Implications, Challenges, and Opportunities

Human behaviour plays a critical role in organizational cybersecurity and provides actionable insights for multiple stakeholders. For businesses, the evidence reinforces the importance of building strong security cultures, implementing continuous training, and fostering employee awareness to mitigate insider threats and human error. For policymakers, the data highlights the need for national strategies that integrate human-centric approaches with advanced technological solutions.

One of the study’s key observations is the increasing application of AI and analytics in understanding and predicting cybersecurity behaviour. This trend is expected to grow, with organizations using predictive modelling to anticipate risks and design interventions tailored to employee behaviours and organizational contexts.

However, the authors also identify several gaps and limitations in the current research landscape. The reliance on a single database, Scopus, means that relevant studies indexed in other platforms such as Web of Science, IEEE Xplore, and Google Scholar were not captured. Expanding the scope of future analyses to include multiple databases and using advanced tools like SciMAT could provide a more comprehensive picture of the field’s evolution.

The study also highlights the need for deeper exploration of emerging technologies and human interaction. As organizations adopt more complex cyber-physical systems, smart infrastructures, and AI-driven processes, understanding how individuals interact with these systems will be crucial for designing effective security frameworks.

For researchers, the analysis provides a roadmap for identifying high-impact collaboration opportunities and trending topics. For example, cross-disciplinary partnerships between behavioural scientists and technologists are likely to yield innovative approaches to cybersecurity education, risk assessment, and organizational policy development.